Channel Women In Security: Frameworks For Department Of Defense Compliance
In this Q&A, Bridget Wilson, senior vice president of governance, risk, and compliance at NetCov, shares her insights on leadership, navigating CMMC compliance for small businesses, and fostering resilience in cybersecurity teams.
Bridget Wilson sat down with CRN’s Cass Cooper, reminding us that success in cybersecurity requires more than technical knowledge—it demands curiosity, strategic thinking, and a genuine commitment to people. Whether navigating the complexities of compliance or leading remote teams, her approach offers valuable lessons for anyone looking to excel in securing Department of Defense compliance.
Listen to the full interview on YouTube, Spotify, and Apple iTunes.
What role does curiosity play in your approach to cybersecurity?
Curiosity is at the core of everything I do. It’s never enough to simply say, “Someone got into an email account.” I want to dig deeper: How did they get in? What were the indicators of compromise? What steps can we take to prevent it in the future? By understanding the full picture, we can move from reactive to proactive, addressing vulnerabilities before they become threats.
For example, when we identified a new type of email account takeover in 2023, my team worked tirelessly to understand how the attackers bypassed multi-factor authentication (MFA). Through that work, we implemented conditional access policies that now prevent similar attacks. That level of curiosity isn’t optional in cybersecurity—it’s essential.
Small businesses often struggle with CMMC compliance. What advice would you give them?
CMMC compliance can feel overwhelming, especially for small businesses with limited resources, but it doesn’t have to be. The key is to scope strategically. Instead of attempting to secure your entire IT environment, focus on creating a secure perimeter around your controlled unclassified information (CUI).
One common misconception is that achieving compliance means moving everything to the cloud. That’s not always true. Many small businesses can leverage existing cloud vendors with certifications like FedRAMP to meet requirements without overhauling their entire infrastructure. Start small, focus on the areas that matter most, and build from there.
You’ve mentioned the importance of balancing technical expertise with leadership. How do you foster a strong team culture, especially in a remote environment?
Leading a remote team requires intentionality. We have daily huddles, but the focus isn’t always on work. We spend a lot of time talking about personal things—like what we watched on TV or weekend plans. It might seem trivial, but it helps build trust and camaraderie, which are vital in high-pressure fields like cybersecurity.
I also try to lead by example. My philosophy is simple: Be the person you wish you had when you were starting out. That means being approachable, making time for mentorship, and genuinely caring about my team’s growth—not just their deliverables.
What are the biggest challenges in keeping up with the evolving cybersecurity landscape?
One of the biggest challenges is staying ahead of emerging threats. Cybercriminals are constantly adapting, so we have to as well. This requires not just technical expertise but also agility and an openness to learning.
It’s also crucial to communicate these challenges to clients in a way that’s clear and actionable. Many organizations don’t fully understand the risks they face or the steps they need to take. Part of my job is translating complex cybersecurity issues into practical advice that businesses can implement.
What leadership advice would you give to women entering cybersecurity or governance roles?
First, don’t underestimate the value of your unique perspective. Cybersecurity needs diverse voices to solve complex problems, and that includes women who bring different ways of thinking to the table.
Second, remember that leadership isn’t just about managing tasks—it’s about building people up. Take time to invest in your team’s development and well-being. Celebrate their successes, support them in their challenges, and always lead with empathy.
Finally, embrace curiosity. Never stop asking questions, whether you’re troubleshooting a security issue or figuring out how to grow as a leader.
What’s your approach to managing high-pressure situations, especially when dealing with cybersecurity incidents?
It’s all about staying calm and focused. During an incident, your team will look to you for guidance, so it’s important to model the behavior you want to see—staying composed, clear, and solution-oriented.
I also make sure to debrief after every major incident. This isn’t about assigning blame; it’s about learning and improving. What worked? What didn’t? How can we do better next time? These reflections are critical for building resilience within the team.
What’s next for you in your career?
I’m passionate about continuing to make cybersecurity and compliance accessible to organizations of all sizes. Whether that means refining processes for small businesses or mentoring the next generation of leaders, my goal is to leave the industry better than I found it.
On a personal level, I’m also committed to fostering a culture of inclusion in cybersecurity. The more we can support diverse voices and perspectives, the stronger we’ll be as a field.